Normally, you can update the Pipeline Pilot SSL Certificates through the Admin Portal under Security > SSL Certificate.
But if the Admin Portal is not accessible, for example if the current certificate has expired, you might need to update these manually at the OS level.
Just like when you update the certificates from the Admin Portal, you first need to obtain a new valid certificate as a key pair, comprised of a public key embedded in a signed certificate and private key, both formatted in the PEM (PKCS10) format. Please note that the key must not be password protected. Typically, you will have two files like:
- certificatefile.crt
- keyfile.key
In many cases, certificates are provided in the PKCS12 format as a PFX file and you can extract the certificate and key files from this using openssl with the following commands:
openssl pkcs12 -in .pfx -nokeys -out certificatefile.crtopenssl pkcs12 -in .pfx -nocerts -nodes -out keyfile.key
On Windows, openssl.exe is located in "
On Linux, the openssl executable is located in "
Once you have the certificate and key files available, you can copy these two files into the locations given below using the correct names.
NOTE 1: There are two different locations to where the certificate and key files has to be copied.
NOTE 2: The file names are difference between the two locations.
For the Tomcat Application Server, the certificate and key files should be copied to:
"\web\conf\ses-signed.crt"
"\web\conf\ses-signed.key"
For the Apache Web Server in Pipeline Pilot 2024 SP1 and older, the certificate and key files should be copied to:
"\apps\scitegic\core\packages_win64\apache\httpd\conf\ssl\ses-server.crt"
"\apps\scitegic\core\packages_win64\apache\httpd\conf\ssl\ses-server.key"
For the Apache Web Server in Pipeline Pilot 2025 and later, the certificate and key files should be copied to:
"\config\httpd\ssl\ses-server.crt"
"\config\httpd\ssl\ses-server.key" 